Lucene search
K

1394 matches found

Vulnrichment
Vulnrichment
added 2026/02/19 9:26 a.m.2 views

CVE-2026-2718 Dealia <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/19 9:26 a.m.28 views

CVE-2026-2718 Dealia <= 1.0.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.8. This is due to the use of wpkses for output escaping within HTML attribute contexts where escattr is required. This makes it...

6.4CVSS0.00188EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/02/19 7:28 a.m.6 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/19 4:36 a.m.4 views

CVE-2025-13842 Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure

The Breadcrumb NavXT plugin for WordPress is vulnerable to authorization bypass through user-controlled key in versions up to and including 7.5.0. This is due to the Gutenberg block renderer trusting the $REQUEST'postid' parameter without verification in the...

5.3CVSS5.5AI score0.00322EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/02/19 12:21 a.m.6 views

WordPress Dealia plugin <= 1.0.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Gutenberg Block Attributes vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Dealia versions = 1.0.6...

6.4CVSS5.5AI score0.00188EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/02/19 12:0 a.m.8 views

WordPress plugin Breadcrumb NavXT 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00322EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/19 12:0 a.m.6 views

PT-2026-20795

The Dealia – Request a Quote plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Gutenberg block attributes in all versions up to, and including, 1.0.6. This is due to the use of wp kses for output escaping within HTML attribute contexts where esc attr is required. This makes it...

6.4CVSS5.7AI score0.00188EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/02/18 6:42 a.m.32 views

CVE-2026-2633 Gutenberg Blocks with AI by Kadence WP <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS0.00327EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/02/18 6:42 a.m.5 views

CVE-2026-2633

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the processimagedataajaxcallback function which handles the kadenceimportprocessimagedata AJAX action. T...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/02/18 12:0 a.m.7 views

PT-2026-20352

The Gutenberg Blocks with AI by Kadence WP plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.6.1. This is due to a missing capability check in the process image data ajax callback function which handles the kadence import process image data AJAX...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/02/18 12:0 a.m.9 views

WordPress plugin Gutenberg Blocks with AI by Kadence WP 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added t...

4.3CVSS5.8AI score0.00327EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Authenticated (Contributor+) Server-Side Request Forgery via 'endpoint' Parameter vulnerability

Authenticated Contributor+ Server-Side Request Forgery via 'endpoint' Parameter vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00283EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/17 11:58 p.m.6 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.6.1 - Missing Authorization to Authenticated (Contributor+) Unauthorized Media Upload vulnerability

Missing Authorization to Authenticated Contributor+ Unauthorized Media Upload vulnerability discovered by Ali Sünbül in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.6.1...

4.3CVSS5.5AI score0.00327EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/02/17 11:20 a.m.4 views

CVE-2026-2608

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS5.5AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/17 11:20 a.m.26 views

CVE-2026-2608 Gutenberg Blocks by Kadence Blocks <= 3.5.32 - Missing Authorization

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS0.002EPSS
Exploits0References3
CVE
CVE
added 2026/02/17 11:20 a.m.12 views

CVE-2026-2608

CVE-2026-2608 : Kadence Blocks — Page Builder Toolkit for Gutenberg Editor vulnerability in WordPress. Up to version 3.5.32, missing capability check allows authenticated users with Contributor-level access and above to perform an unauthorized action. Patch status in Wordfence context shows mitig...

4.3CVSS5.5AI score0.002EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/17 12:0 a.m.6 views

WordPress plugin Kadence Blocks — Page Builder Toolkit for Gutenberg Editor 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.8AI score0.002EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.8 views

PT-2026-8403

The Kadence Blocks — Page Builder Toolkit for Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Contributor-level access...

4.3CVSS5.5AI score0.002EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/02/11 11:16 p.m.5 views

WordPress Gutenberg Blocks with AI by Kadence WP plugin <= 3.5.32 - Incorrect Authorization to Authenticated (Contributor+) Post Publication vulnerability

Incorrect Authorization to Authenticated Contributor+ Post Publication vulnerability discovered by johska in WordPress Plugin Gutenberg Blocks by Kadence Blocks versions = 3.5.32...

5.5AI score
Exploits0References1Affected Software1
NVD
NVD
added 2026/02/05 7:16 a.m.6 views

CVE-2026-1268

The Dynamic Widget Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the widget content field in the Gutenberg editor sidebar in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes ...

6.4CVSS0.00288EPSS
Exploits0References4
Rows per page
Query Builder